LISTING OF THE CLAIMS

This listing of claims will replace all prior versions, and listings, of claims in the present application. 
Additions are identified by underlining. Deletions are indicated by strikethrough or [[double brackets]].

1. (Currently Amended) A method of enhancing the security of a message sent by a principal from a
client computer through a network server to a destination server, comprising the steps of: 

(a) obtaining by the client computer credentials for authorizing the principal from a 
validation center; 

(b) establishing a first secure connection for exchanging data between the client and the
network server; 

(c) transmitting from the client computer to the network server over the first secure 
connection the principal-authenticating credentials and the message;

(d) transmitting the principal-authenticating credentials from the network server to the 
validation center;

(e) transmitting permission data for the network server from the validation center to the 
network server based on the principal-authenticating credentials; 

(f) verifying the authorization of the principal in the network server to access a digital
certificate and issuing a digital certificate to the network server; 

(g) establishing a second secure connection for exchanging data between the network server 
and the destination server based on the digital certificate; and 

(h) transmitting the message from the network server to the destination server over the 
second secure connection.

2. (Previously Presented) The method of claim 1, wherein the establishing step (b) utilizes the Secure
Sockets Layer (SSL) protocol. 

3. (Previously Presented) The method of claim 1, wherein the establishing step (b) further comprises 
the substeps of: 

transmitting from the network server to the client server a network server key associated with a 
public-private key pair and a known cryptographic algorithm; 

transmitting from the client server to the network server a session key encrypted using the known
cryptographic algorithm and the network server key, and 

transmitting from the network server to the client server information encrypted using the known 
cryptographic algorithm and the session key to authenticate the network server to the client server.

4. (Original) The method of claim 1, wherein the establishing step (g) utilizes the Secure Sockets Layer
(SSL) protocol.

5. (Original) The method of claim 1, wherein the establishing step (g) further comprises the substeps
of: 

transmitting from the destination server to the network server a destination server key associated 
with a public-private key pair and a known cryptographic algorithm; 

transmitting from the network server to the destination server a session key encrypted using the 
known cryptographic algorithm and the destination server key; and 

transmitting from the destination server to the network server information encrypted using the 
known cryptographic algorithm and the session key to authenticate the destination server to the network 
server.

6. (Currently Amended) The method of claim 1, wherein the obtaining step (a) further comprises the
substeps of: 

sending a request for credentials for the principal to the validating center; 
receiving the credentials for the principal for from the validation center, and 
storing the credentials in tho orodontinls oaehe^a the client computer server* 

7. (Original) The method of claim 1 wherein the principal-authenticating credentials comprise a ticket- 
granting ticket and a session key. 

8. (Original) The method of claim 7 wherein the transmitting step (d) further comprises the substep of: 

transmitting from the network server to the validating center a ticket-granting ticket and an 
authenticator.

9. (Original) The method of claim 8 wherein the ticket-granting ticket comprises a session key
encrypted with a permanent key for the validation center. 

10. (Original) The method of claim 9 wherein the authenticator is a data structure encrypted using the
session key. 

11. (Original) The method of claim 10 wherein the transmitting step (e) further comprises the substep
of:

decrypting the ticket-granting ticket at the validation center to extract a session key. 

12. (Original) The method of claim 11 wherein the permission data comprises an authenticator.

13. (Original) The method of claim 12 wherein the authenticator comprises a data structure encrypted
with the session key. 

14. (Original) The method of claim 1 further comprising the steps of: 

transmitting a request for a server ticket from the network server to the validation center,
creating a server ticket for the network server at the validation center; and 
receiving the server ticket from the validation center at the network server. 

15. (Original) The method of claim 5 wherein the verifying step (f) further includes the substeps of:

extracting an access control list and verifying that the principal is authorized to access a digital 
certificate and a destination server key; and 

issuing a digital certificate and a destination server key. 

16. (Original) The method of claim 15 wherein the digital certificate conforms with the X.509 standard.

17. (Original) The method of claim 1 wherein the establishing step (g) further comprises the substep of: 

establishing a secure connection from the network server to more than one destination server. 


PAGE 8/21 * RCVD AT 1/19/2006 9:28:32 AM [Eastern Standard Time] * SVR:USPTO-EFXRF-6/25 * DNIS:2731630 * CSID:9727183946 * DURATION (mm-ss):06-36

01/19/06 THU 09:29 FAX 9727183946 VERIZON IP

18. (Original) The method of claim 17 wherein each connection between the network server and a 
destination server is managed by a separate remote command execution client. 

19. (Original) The method of claim 1 wherein the validation center utilizes a Kerberos protocol.

20. (Original) The method of claim 1 wherein the message comprises command data. 

21. (Original) The method of claim 20 wherein the command data comprise a remote user name, a 
destination server list, and a command. 

22. (Original) The method of claim 1 further comprising the step of temporarily storing the principal-
authenticating information.

23. (Currently Amended) A method of providing a remote interactive login connection for a principal 
from a client computer through a network server to a destination server, comprising the steps of: 

(a) obtaining credentials for authorizing the principal from a validation center; 

(b) establishing a first secure connection for exchanging data between the client and the 
network server; 

(c) transmitting from the client computer to the network server over the first secure 
connection the principal-authenticating credentials; 

(d) transmitting the principal-authenticating credentials from the network server to the 
validation center; 

(e) transmitting permission data for the network server from the validation center to the 
network server based on the principal-authenticating credentials; 

(f) verifying the authorization of the principal in the network server to access a digital 
certificate and issuing a digital certificate to the network server;

(g) establishing a second secure connection for exchanging data between the network server 
and the destination server based on the digital certificate; and 

(h) executing a command interpreter in the destination server computer 

wherein the command interpreter may execute commands sent by the client computer via the
network server over the second secure connection.

24. (Currently Amended) A computer system for enhancing the security of one or more
messages sent by a principal comprising: 

a client computer for transmitting principal-authenticating credentials and the one or 
more messages; 

a gateway computer operatively connected to the client computer, the gateway computer 
receiving principal-authenticating credentials and the one or more messages from the client
computer;

a validation computer operatively connected to the gateway computer and capable of
receiving the principal-authenticating credentials from the gateway computer and of transmitting 
permission data based on the principal-authenticating credentials to the gateway computer; and

one or more host computers operatively connected to the gateway computer and
operating on any computer platform, 

wherein, based on the permission data, the gateway computer establishes a secure 
connection with at least one of the one or more host computers, and

wherein the gateway computer transmits the one or more messages to at least one of the 
host computers over the secure connection.

25. (Original) The system of claim 24 wherein the gateway computer further comprises a 
gateway certificate server for transmitting the principal-authenticating credentials to the 
validation center and for receiving the permission data from the validation computer.

26. (Original) The system of claim 24 wherein the gateway computer further comprises one or 
more remote command execution clients for establishing one or more secure connections to the 
one or more host computers based on the permission data. 

27. (Original) The system of claim 24 wherein each of the one or more host computers further 
comprises a host proxy and execution server for establishing a secure connection between each 
of the one or more host computers and the gateway computer.

28. (Original) The system of claim 27 wherein the host proxy and execution server executes a 
command interpreter for executing commands contained in the one or more messages. 

29. (Currently Amended) A computer system for providing a remote interactive login
connection comprising: 

a client computer for transmitting principal-authenticating credentials and a message;

a gateway computer operatively connected to the client computer, the gateway computer 
receiving the principal-authenticating credentials and the message from the client computer;

a validation computer operatively connected to the gateway computer and capable of 
receiving the principal-authenticating credentials from the gateway computer and of transmitting 
permission data based on the principal-authenticating credentials to the gateway computer; and 

one or more host computers operatively connected to the gateway computer and 
operating on any computer platform, 

wherein, based on the permission data, the gateway computer establishes a secure 
connection with the host computer, and transmits the message to the host computer over the
secure connection.

30. (Original) The system of claim 29 wherein the gateway computer further comprises a
gateway proxy and execution server for establishing a secure connection to the at least one host 
computer based on the permission data.

31. (Original) The system of claim 29 wherein the host computer further comprises a host proxy
and execution server for establishing a secure connection between the at least one host computer 
and the gateway computer. 

32. (Original) The system of claim 31 wherein the host proxy and execution server executes a
command interpreter for executing commands. 

33. (Original) The system of claim 29 wherein the client computer further comprises a 
downloadable executable interactive client (DEIC) for establishing a secure connection with the 
gateway computer. 

34. (Original) The system of claim 33 wherein the downloadable executable interactive client
(DEIC) comprises a Java applet.

35. (Original) The system of claim 29 wherein the gateway computer temporarily stores the 
principal-authenticating information. 

36. (Currently Amended) A computer program product for use with a computer system, 

the computer program product comprising a computer readable storage medium and a 
computer program stored therein for carrying out a process comprising: 

(a) obtaining by the client computer credentials for authorizing the principal from a 
validation center; 

(b) establishing a first secure connection for exchanging data between a client and a 
network server; 

(c) transmitting from the client computer to the network server over the first secure 
connection the principal-authenticating credentials and the message; 

(d) transmitting the principal-authenticating credentials from the network server to 
the validation center; 

(e) transmitting permission data for the network server from the validation center to 
the network server based on the principal-authenticating credentials; 

(f) verifying the authorization of the principal in the network server to access a 
digital certificate and issuing a digital certificate to the network server; 

(g) establishing a second secure connection for exchanging data between the network 
server and a destination server based on the digital certificate; and 

(h) transmitting the message from the network server to the destination server over 
the second secure connection 
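
Claims 7 through 13 recite a Kerberos-style exchange: a ticket-granting ticket holding a session key under the validation center's permanent key, an authenticator encrypted with that session key, and permission data returned as an authenticator. The Python sketch below is an added illustration, not part of the application or any code of the applicant; the SHA-256 keystream with HMAC is a toy stand-in for a real cipher, and the JSON field names, the 300-second freshness window and all function names are assumptions.

```python
import hashlib, hmac, json, os, time

def _stream(key, nonce, n):
    # Toy SHA-256 counter-mode keystream: a stand-in for a real cipher.
    blocks = (hashlib.sha256(b"enc" + key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Encrypt-then-MAC a JSON-serialisable structure under `key`."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the MAC, then decrypt; raises ValueError on any tampering."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def make_authenticator(session_key, principal, now=None):
    # Claim 10: a data structure encrypted using the session key.
    ts = time.time() if now is None else now
    return seal(session_key, {"principal": principal, "ts": ts})

class ValidationCenter:
    MAX_SKEW = 300  # seconds; assumed freshness window, not from the claims

    def __init__(self):
        self._permanent_key = os.urandom(32)

    def issue_tgt(self, principal):
        # Claims 7 and 9: a TGT wrapping the session key, plus the session key.
        session_key = os.urandom(32)
        body = {"principal": principal, "key": session_key.hex()}
        return seal(self._permanent_key, body), session_key

    def validate(self, tgt, authenticator, now=None):
        # Claim 11: decrypt the TGT with the permanent key to get the session key.
        now = time.time() if now is None else now
        ticket = unseal(self._permanent_key, tgt)
        session_key = bytes.fromhex(ticket["key"])
        auth = unseal(session_key, authenticator)
        if auth["principal"] != ticket["principal"]:
            raise ValueError("principal mismatch")
        if abs(now - auth["ts"]) > self.MAX_SKEW:
            raise ValueError("stale authenticator")
        # Claims 12-13: permission data is an authenticator under the session key.
        return seal(session_key, {"principal": ticket["principal"], "ts": auth["ts"]})
```

The freshness check is what limits replay of a captured authenticator; the integrity check is what stops the network server from altering the principal named inside a ticket it cannot decrypt.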